A little bit about us
Do you think secure SDLC, "security as code", shifting left, security automation and scalability, and DevSecOps are the future?
We're building this at Telstra.
Welcome to Secure Code. We are part of Telstra's Cyber Security team, and we are looking to move into a greenfield operation, tackling security issues from project conception.
We have established a brand new team at Telstra (one year old) focussed solely on application security and secure code related initiatives.
The intent is to enable the business to be self-sufficient in practicing security so they are able to provide quality and secure code, at speed.
Our aim is simple: secure every line of source code owned by Telstra, as early as possible, whilst still enabling the organisation to move fast.
Our strategy is simple and centres on 3 key pillars:
People: Provide projects with access to application security expertise to enable secure solutioning, expedite security approvals, impart knowledge, influence security culture, build rapport, mentor and guide.
Process: Enable developers to become security ninjas and learn secure coding by providing them with access to a technical application security training and development program.
Tools: Integrate security automation into the software development lifecycle to support early feedback loops to developers regarding security defects in their code, ultimately reducing the overall cost of remediation.
The Secure Code team's mandate is global. We will be responsible for securing every line of source code owned by Telstra, whether the code is developed by Australian-based internal developers, offshored developers, vendors engaged on long-term MSAs, vendors engaged on short-term SOWs, or inherited via recent M&A activity (such as Telstra International and Telstra Health).
It's an exciting prospect and the ability for this team to make a difference to Telstra's overall security posture is vast.
There are not many large enterprises in the world who have mature, well-established application security and secure code review programs and so this presents a real opportunity for Telstra to 1) "do it properly" and 2) lead the way with regard to secure software development.
Be part of this exciting journey at Telstra as we become a world-class technology company!
In this role as the Secure Code Specialist, your key responsibilities include, but are not limited to:
Be the face/front door of the Secure Code Team in your region.
Support the Secure Code Team’s objective of securing every line of source code owned by Telstra, as early as possible, whilst still enabling the organisation to move fast.
Act as a technical subject matter expert in application security testing and secure source code development.
Recommend and negotiate practical security improvements to mitigate application vulnerabilities.
Assist with defining, shaping and executing the Secure Code team’s strategy centred around enablement through access to security expertise, security automation tooling and secure code training.
Perform ad-hoc technical secure code reviews/engagements for critical Telstra projects including triage, scoping and execution to identify common application security vulnerabilities.
Promote the concept of shifting left to enable the organisation to produce quality and secure code, at speed.
Mature and contribute to overall team performance by working on the business and in the business when required to ensure the Secure Code team is consistently high performing.
Work collaboratively with the Secure Code Manager and other Senior Security Code Specialists (globally) to drive forward the Secure Code strategy.
Be part of the Secure Code leadership team and provide direction and input into future capability, resourcing, roadmaps, and operations.
Act as and/or represent the Secure Code Manager as and when required.
What we are looking for:
To be successful in this role, you will have the following experience and qualifications:
Seasoned security professional with a strong application security background and a passion for secure SDLC.
Experience rolling out an enterprise-grade application security and/or secure code program.
Strong understanding of application security architecture principles including transport security, authentication, authorisation, threat modelling, and logging and monitoring.
Excellent knowledge and hands-on experience identifying and remediating common application security vulnerabilities in source code.
Demonstrable experience performing security engagements/reviews of software and applications for vulnerabilities, including typical web and mobile applications, consumer platforms, critical telecommunications code and infrastructure management code.
Demonstrable exposure to modern software development tools and processes. Experience as a developer/software engineer is a significant advantage.
Exposure to various design and delivery methods & methodologies, including Waterfall, Lean, Agile and DevOps.
Experience building, integrating and using security automation tools, especially in a CI/CD context.
Experience in developing and/or contributing to strategy or standards documentation, including application security standards and coding guidelines.
Excellent written and oral communication skills are essential.
Excellent client engagement and consultative manner.
Ability to lead and manage.
In return for all your hard work within this role, you will be given exposure to a wide variety of career pathways within Telstra, with plenty of scope for learning and development.
If this role fits with your career goals and experience, click apply now!
Benefits and Career Path:
Working for the most successful Telco Company in Australia also brings with it some great benefits, including: working with the top IT Specialists in the APAC Region who provide support and mentoring; substantial discounts on a range of Telstra products (including FOXTEL); financial benefits such as Telstra Share Options; great Salary Packaging Options and discounts on various retail, health and fitness and entertainment areas; excellent work/life balance that allows you to have an excellent divide of personal needs and work commitments; and performance bonuses*.
Check out our website for more information and testimonials from our Employees.
We’re committed to building a diverse and inclusive workforce. To enable everyone to participate, we’ve developed an ‘All Roles Flex’ policy to consider flexible ways of working for every role.
To learn more, visit https://careers.telstra.com/allrolesflex